The District Court of Tallinn acquitted Mart Pirita (45), who was accused of locking down the e-mail accounts of the Minister of the Interior Hanno Pevkur and the Director General of Police and Border Guard Board (PPA) Elmar Vaher, because his guilt was not proved.
The District Court overruled the previous verdict by Harju County Court. The Harju County Court convicted Pirita and imposed a financial penalty of 270 daily rates, which is EUR 13’159.80.
The Prosecutor’s Office accused the ex-employee of IT and Development Centre at the Estonian Ministry of the Interior (SMIT) of illegal disrupting of computer systems by entering data. According to accusation, in August 2014 Pirita entered without permission different incorrect passwords for 14 user accounts in SM jurisdiction, which resulted in these user accounts being blocked. The attack was performed through TOR network which allows using the Internet anonymously and hide one’s tracks. The accusation noted that Pirita may have been motivated by the termination of his employment contract.
Presenting as a witness in the court, Tiit Hallas, the head of information security of SMIT described to the court that TOR network is used by child pornography and malware distributors. During the attack an IP address belonging to the company E-Positive.ee owned by Mart Pirita was logged into the TOR network.
The District Court found that the County Court made mistakes in evaluating the evidence and accidentally attested that the act was performed by Mart Pirita. Only the fact that Mart Pirita used the TOR network is not sufficient, as anyone using the network at that time could have performed the illegal act. The evidence collected by the prosecutor do not show direct relation to the act. The District Court admitted that several circumstances hinted that the blocker was related to SMIT but this is not enough for convicting someone. There are no direct evidence and indirect evidences are weak, found the District Court.
Yesterday’s verdict put an end to longstanding doubts whether trades with the cyber money should be treated as economic activity requiring special permit or not – in a landmark stand, Supreme Court declared mediation of Bitcoins an economic activity subject to anti-money-laundering supervision.
Uku Tampere, Police and Border Guard Board press representative:
For ordinary people buying or selling cryptocurrency in occasional transactions for own use, the Supreme Court judgement essentially alters nothing. However, when an individual begins to publicly offer cryptocurrency mediation service, he needs to apply for activity licence and meet the requirements prescribed by Money Laundering and Terrorist Financing Prevention Act.
In providing cyber security, the objective of the Internal Security Service is to identify cyber-attacks that could have been initiated by a foreign state or may threaten national security. The Information System Authority, the Estonian Information Board and the Police and Border Guard Board play an important role in the national cyber security community.
ISS doesn’t have much to inform us about. The section “Cyber Security” on page 22 and 23 contains mainly compilation of cyber security best practices.
Defacement and denial-of-service attacks can also become parts of sending a message to the enemy, i.e. influence operations. Some Estonian websites were defaced with Daesh symbols and messages in 2015. Although this was part of a global marketing campaign, it could also be regarded as a message to Estonian society.